Privacy Policy

Effective date: March 14, 2026 Last updated: March 14, 2026

1. Introduction

DICOM Reader (“we,” “our,” or “us”) operates the DICOM Reader service, an AI-assisted tool that helps you understand medical imaging studies (DICOM files) by generating non-diagnostic, educational summaries and reports. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.

Contact:
For privacy-related questions or requests, contact us at:
support@dicom-reader.com

2. Information We Collect

2.1 Account information

Email address – when you create an account
Password – stored in encrypted form by our authentication provider (Supabase). We do not have access to your plain-text password.

2.2 Imaging and report data

DICOM files – medical imaging studies (e.g., CT, MRI, X-ray, ultrasound) that you upload
Report data – AI-generated summaries, findings, impressions, and related metadata we create from your studies
Chat messages – questions you ask and answers generated in follow-up chat about your reports

This data may include information that could be considered health-related. We treat it as sensitive and use it only to provide and improve the service.

2.3 Payment information

Payment processing is handled by Stripe. We do not store your full credit card number. We receive and store only what Stripe provides (e.g., customer ID, session IDs, and that a payment was completed) so we can credit your account and manage purchases.

2.4 Usage and technical data

Log data – such as IP address, browser type, request timestamps, and error logs, for operation and security
Cookies / storage – we use session and authentication-related storage so you can stay signed in. We do not use third-party advertising or tracking cookies.

3. How We Use Your Information

We use the information we collect to:

Provide the service – create and manage your account, store and process your DICOM studies, generate reports, run follow-up chat, and manage report credits and purchases
Communicate with you – send account-related and transactional messages (e.g., sign-up confirmation, password reset)
Operate and secure the service – monitor performance, prevent abuse, and comply with legal obligations
Improve the service – we may use aggregated or de-identified data to improve our models and product; we do not use your identifiable imaging or report content for marketing or sell it to third parties

We do not use your health or imaging data for advertising.

4. Third-Party Services

We use the following third parties to run the service. Each has its own privacy policy; we encourage you to review them.

Service	Purpose	Privacy
Supabase	Authentication, database	Supabase Privacy
Stripe	Payment processing	Stripe Privacy
OpenAI	AI analysis of images and text	OpenAI Privacy

When you use DICOM Reader, your account data, DICOM files, reports, and chat content are processed by us and by these providers as necessary to deliver the service. We require that they protect your data in line with our commitments and applicable law.

5. Data Retention

Account data – retained until you close your account or ask us to delete it.
DICOM studies, reports, and chat – retained according to our internal retention policy (e.g., for as long as your account is active, unless you delete a report or we notify you of a shorter period). We may retain certain data longer where required by law (e.g., tax, disputes).
Payment records – retained as needed for accounting, tax, and dispute resolution, in line with Stripe’s and our legal obligations.
Logs – retained for a limited period for security and operations.

If you want a specific retention period or deletion of certain data, contact us using the details above.

6. Data Security

We use industry-standard measures to protect your data:

Encryption in transit – all data is transmitted over HTTPS.
Encryption at rest – your data is stored using encryption where supported by our infrastructure and providers.
Access control – access to your data is limited to what is needed to operate the service; we use role-based access and secure keys.
Isolation – your studies and reports are tied to your account and not shared with other users.

No system is completely secure. We will notify you and regulators as required by law if we become aware of a breach that affects your personal data.

7. Your Rights and Choices

Depending on where you live, you may have the right to: Access, Correction, Deletion, Portability, Object or restrict processing, Withdraw consent, and Complain to a supervisory authority.

To exercise any of these rights, contact us at the email address above. We will respond within the time required by applicable law (e.g., 30 days under many regulations).

Account and data deletion: You may delete individual reports from your account. To delete your entire account and associated data, contact us; we will process the request in line with our retention and legal obligations.

8. Children

Our service is not intended for users under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us so we can delete it.

9. International Transfers

We and our service providers may store and process data in the United States and other countries. If you are in the European Economic Area, United Kingdom, or another region with strict transfer rules, we rely on appropriate safeguards (e.g., standard contractual clauses) where required. You may request details of these safeguards by contacting us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and change the “Last updated” date. If changes are material, we will notify you by email or through the service. Your continued use of DICOM Reader after the effective date of the new policy constitutes acceptance of the updated terms.

11. Contact

For any questions about this Privacy Policy or our privacy practices:
Email: support@dicom-reader.com

This policy is intended to allow DICOM Reader to operate in a compliant and transparent manner. It is not legal advice. Consider having a lawyer review it for your jurisdiction and business structure.